As more companies realize the importance of using encryption software like AlertBoot (sometimes prodded by industry regulators and state, federal, and national law), we are finding that data breaches are beginning to shift towards smaller business concerns. Take, for example, the following story about a yoga studio in Canada.

Laptop, Cash, and Checks Stolen from SMB

According to niagarathisweek.com, a yoga studio owner experienced a burglary while she took a coffee break. Upon returning from her short rest, she found that someone had stolen her laptop computer, apparently valued at $25 at a pawn shop, as well as the studio's checks and petty cash in the amount of $150 or so.

The computer contained photographs, "confidential client files," and class plans. All in all, it doesn't sound like a terrible data breach, assuming that the confidential client files didn't include financial data or sensitive personal information like SSNs (or their Canadian equivalent).

What does rankle me, though, is the following statement: "Luckily, the computer is password protected," said the studio owner.

Password-Protection: It's More Marketing Speak than Actual Protection

Password-protection doesn't mean what you think it means. To most, it means security when it comes to a computer and its data. A quick search online will show you that it's anything but. If you need to compare it to things less esoteric than computers and electronic data, compare password-protection to a boom gate (those mechanized arms that prevent your car from entering a public garage until you take the ticket). The analogy is more than apt.

Consider the boom gate. Its purported purpose is to keep cars outside of an establishment until they are authorized to go in, whether it be by taking a ticket or speaking with someone. But you know from YouTube footage that the only reason this works is that people are ordinarily quite decent: they stop at the boom until it's raised. In reality, there is nothing stopping someone from just driving through it…and the boom will not stop jack squat.

You might say that the purpose of the boom gate is "to momentarily stop honest, decent people so that they take a particular action before passing, while mangling, to a certain degree, any cars that don't do so…before they pass anyway."

Password-protection is similar in nature. It stops honest people from accessing the computer, but there are plenty of easy (and free) ways to get around it if one really resolves to do so. Again, an online search will confirm this.

At this point, password-protection might as well be meaningless marketing speak. But most people don't know this – you need a certain degree of expertise when it comes to such matters. Big companies hire experts, so they know not to rely on password-protection (they'll go for something like managed disk encryption from us), but smaller companies are at a disadvantage.

So, how to rectify the problem? My guess is as good as yours. Short of educating people as they set up their businesses (as they are registering their business with the state, for example), there are no easy approaches to the problem.

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading
provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing
support of the AlertBoot disk encryption managed service.
Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts
University in Medford, Massachusetts, U.S.A.